Return NULL on corrupt input

	PR binutils/17512
	* elf32-i386.c (elf_i386_get_plt_sym_val): Return NULL on corrupt
	input.
	* elf64-x86-64.c (elf_x86_64_get_plt_sym_val): Likewise.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 0545a7ef0b96b55de401ba1dd50f6d0c8622b648..5215aa73cf4c0a65f55624ab5adcd27d659bd303 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2015-01-05  H.J. Lu  <hongjiu.lu@intel.com>
+
+       PR binutils/17512
+       * elf32-i386.c (elf_i386_get_plt_sym_val): Return NULL on corrupt
+       input.
+       * elf64-x86-64.c (elf_x86_64_get_plt_sym_val): Likewise.
+
 2015-01-05  Nick Clifton  <nickc@redhat.com>
 
        PR binutils/17512

diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
index 85acf0fce6d53c9e77414f56d335ae50c42c4af9..cf072a31207838d3240f0847d173cdf1e3e7b54e 100644 (file)
--- a/bfd/elf32-i386.c
+++ b/bfd/elf32-i386.c
@@ -5194,9 +5194,12 @@ bad_return:
     {
       long reloc_index;
 
-      if (p->howto == NULL /* PR 17512: file: bc9d6cf5.  */
-         || (p->howto->type != R_386_JUMP_SLOT
-             && p->howto->type != R_386_IRELATIVE))
+      /* PR 17512: file: bc9d6cf5.  */
+      if (p->howto == NULL)
+       goto bad_return;
+
+      if (p->howto->type != R_386_JUMP_SLOT
+         && p->howto->type != R_386_IRELATIVE)
        continue;
 
       reloc_index = H_GET_32 (abfd, (plt_contents + plt_offset

diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
index cf63d6ac3a57663427f19815be2be0f4ab05e828..5cbb6fd9ba28d0492fd6820ad3f9a429ab5ca0f0 100644 (file)
--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
@@ -5559,6 +5559,9 @@ bad_return:
     {
       long reloc_index;
 
+      if (p->howto == NULL)
+       goto bad_return;
+
       if (p->howto->type != R_X86_64_JUMP_SLOT
          && p->howto->type != R_X86_64_IRELATIVE)
        continue;